Menu
▾
▴
resteasy-users
|
From: andrew s. <and...@gm...> - 2014-04-01 05:58:52
|
I've hit a well-known problem with cross site scripting; I'd like to develop javascript locally, but using REST services hosted remotely http://stackoverflow.com/questions/14589031/ajax-request-with-jax-rs-resteasy-implementing-cors I've tried a number of ways of implementing an OPTIONS method that allows clients from other origins to collect, but none of them seem to work. I've tried curl to confirm with curl, but don't see the access-control-* headers returned; my suspicion is that the @path directives are somehow not matching my request. Does anyone have a pointer to an example which works with a recent version of RestEasy (I'm using 3.0.6 and JBoss AS 7.1.1) Thanks.. Andrew |
|
From: Rajshekhar A. <ran...@re...> - 2014-04-02 07:04:05
|
Andrew
The best option is to make an exception mapper for DefaultOptionsMethodException and add the CORS headers within the toResponse method of the mapper. For example:
@Provider
public class OptionsMethodExceptionMapper implements ExceptionMapper<DefaultOptionsMethodException>{
@Override
public Response toResponse(DefaultOptionsMethodException exception) {
Response.ResponseBuilder builder =Response.ok();
//..here add CORS to headers of the builder
return builder.build();
}
By doing this all your resources will have OPTIONS response with CORS headers.
Thanks
A.P. Rajshekhar
----- Original Message -----
From: "andrew simpson" <and...@gm...>
To: res...@li...
Sent: Tuesday, April 1, 2014 11:28:45 AM
Subject: [Resteasy-users] @OPTIONS / allowing cross-site scripting
I've hit a well-known problem with cross site scripting; I'd like to develop javascript locally, but using REST services hosted remotely
http://stackoverflow.com/questions/14589031/ajax-request-with-jax-rs-resteasy-implementing-cors
I've tried a number of ways of implementing an OPTIONS method that allows clients from other origins to collect, but none of them seem to work. I've tried curl to confirm with curl, but don't see the access-control-* headers returned; my suspicion is that the @path directives are somehow not matching my request.
Does anyone have a pointer to an example which works with a recent version of RestEasy (I'm using 3.0.6 and JBoss AS 7.1.1)
Thanks..
Andrew
|
|
From: Bill B. <bb...@re...> - 2014-04-02 12:54:46
|
In 3.0.7 I implemented a CORS filter: https://github.com/resteasy/Resteasy/blob/master/jaxrs/resteasy-jaxrs/src/main/java/org/jboss/resteasy/plugins/interceptors/CorsFilter.java On 4/2/2014 3:03 AM, Rajshekhar AndalaPisharam wrote: > Andrew > > The best option is to make an exception mapper for > DefaultOptionsMethodException and add the CORS headers within the > toResponse method of the mapper. For example: > > @Provider > public class OptionsMethodExceptionMapper implements > ExceptionMapper<DefaultOptionsMethodException>{ > > @Override > public Response toResponse(DefaultOptionsMethodException exception) { > > Response.ResponseBuilder builder =Response.ok(); > //..here add CORS to headers of the builder > return builder.build(); > } > > > By doing this all your resources will have OPTIONS response with CORS > headers. > > Thanks > > A.P. Rajshekhar > ------------------------------------------------------------------------ > From: "andrew simpson" <and...@gm...> > To: res...@li... > Sent: Tuesday, April 1, 2014 11:28:45 AM > Subject: [Resteasy-users] @OPTIONS / allowing cross-site scripting > > I've hit a well-known problem with cross site scripting; I'd like to > develop javascript locally, but using REST services hosted remotely > > http://stackoverflow.com/questions/14589031/ajax-request-with-jax-rs-resteasy-implementing-cors > > I've tried a number of ways of implementing an OPTIONS method that > allows clients from other origins to collect, but none of them seem to > work. I've tried curl to confirm with curl, but don't see the > access-control-* headers returned; my suspicion is that the @path > directives are somehow not matching my request. > > Does anyone have a pointer to an example which works with a recent > version of RestEasy (I'm using 3.0.6 and JBoss AS 7.1.1) > > Thanks.. > > Andrew > > > ------------------------------------------------------------------------------ > > > > _______________________________________________ > Resteasy-users mailing list > Res...@li... > https://lists.sourceforge.net/lists/listinfo/resteasy-users > -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com |
|
From: andrew s. <and...@gm...> - 2014-04-04 04:34:37
|
Rajshekhar, thanks for this suggestion, that worked for me. Here's a pointer to an implementation. https://gist.github.com/ams10961/9968111 Andrew On Wed, Apr 2, 2014 at 9:03 AM, Rajshekhar AndalaPisharam < ran...@re...> wrote: > Andrew > > The best option is to make an exception mapper for > DefaultOptionsMethodException and add the CORS headers within the > toResponse method of the mapper. For example: > > @Provider > public class OptionsMethodExceptionMapper implements > ExceptionMapper<DefaultOptionsMethodException>{ > > @Override > public Response toResponse(DefaultOptionsMethodException exception) { > > Response.ResponseBuilder builder =Response.ok(); > //..here add CORS to headers of the builder > return builder.build(); > } > > > By doing this all your resources will have OPTIONS response with CORS > headers. > > Thanks > > A.P. Rajshekhar > ------------------------------ > From: "andrew simpson" <and...@gm...> > To: res...@li... > Sent: Tuesday, April 1, 2014 11:28:45 AM > Subject: [Resteasy-users] @OPTIONS / allowing cross-site scripting > > I've hit a well-known problem with cross site scripting; I'd like to > develop javascript locally, but using REST services hosted remotely > > > http://stackoverflow.com/questions/14589031/ajax-request-with-jax-rs-resteasy-implementing-cors > > I've tried a number of ways of implementing an OPTIONS method that allows > clients from other origins to collect, but none of them seem to work. I've > tried curl to confirm with curl, but don't see the access-control-* headers > returned; my suspicion is that the @path directives are somehow not > matching my request. > > Does anyone have a pointer to an example which works with a recent version > of RestEasy (I'm using 3.0.6 and JBoss AS 7.1.1) > > Thanks.. > > Andrew > > |
|
From: Rajshekhar A. <ran...@re...> - 2014-04-04 06:23:56
|
Its good to hear it worked for you :). Thanks A.P. Rajshekhar ----- Original Message ----- From: "andrew simpson" <and...@gm...> To: "Rajshekhar AndalaPisharam" <ran...@re...> Cc: res...@li... Sent: Friday, April 4, 2014 10:04:29 AM Subject: Re: [Resteasy-users] @OPTIONS / allowing cross-site scripting Rajshekhar, thanks for this suggestion, that worked for me. Here's a pointer to an implementation. https://gist.github.com/ams10961/9968111 Andrew On Wed, Apr 2, 2014 at 9:03 AM, Rajshekhar AndalaPisharam < ran...@re...> wrote: > Andrew > > The best option is to make an exception mapper for > DefaultOptionsMethodException and add the CORS headers within the > toResponse method of the mapper. For example: > > @Provider > public class OptionsMethodExceptionMapper implements > ExceptionMapper<DefaultOptionsMethodException>{ > > @Override > public Response toResponse(DefaultOptionsMethodException exception) { > > Response.ResponseBuilder builder =Response.ok(); > //..here add CORS to headers of the builder > return builder.build(); > } > > > By doing this all your resources will have OPTIONS response with CORS > headers. > > Thanks > > A.P. Rajshekhar > ------------------------------ > From: "andrew simpson" <and...@gm...> > To: res...@li... > Sent: Tuesday, April 1, 2014 11:28:45 AM > Subject: [Resteasy-users] @OPTIONS / allowing cross-site scripting > > I've hit a well-known problem with cross site scripting; I'd like to > develop javascript locally, but using REST services hosted remotely > > > http://stackoverflow.com/questions/14589031/ajax-request-with-jax-rs-resteasy-implementing-cors > > I've tried a number of ways of implementing an OPTIONS method that allows > clients from other origins to collect, but none of them seem to work. I've > tried curl to confirm with curl, but don't see the access-control-* headers > returned; my suspicion is that the @path directives are somehow not > matching my request. > > Does anyone have a pointer to an example which works with a recent version > of RestEasy (I'm using 3.0.6 and JBoss AS 7.1.1) > > Thanks.. > > Andrew > > |
Thanks for helping keep SourceForge clean.
X